PT-2026-25646

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

PT-2026-25654

A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution...

PT-2026-25648

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

MAL-2026-1501 Malicious code in @storylane/uikit (npm)

The package '@storylane/uikit' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

PT-2026-25652

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

PT-2026-25657

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-57543

Cross Site scripting vulnerability XSS in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts...

Fedora 42 : pcs (2026-c8dc2c0de3)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c8dc2c0de3 advisory. - Rebased pcs to the newest major version see CHANGELOG.md - Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.2 s...

Fedora 43 : pcs (2026-88c901f6a2)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-88c901f6a2 advisory. - Rebased pcs to the newest major version see CHANGELOG.md - Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.2 s...

EUVD-2025-208645

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

EUVD-2023-45249

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, and 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...

CVE-2025-14504

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering...

CVE-2025-13702

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2023-40693

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, and 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...

CVE-2023-40693 IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, and 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...

CVE-2023-40693

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, and 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...

CVE-2023-40693

CVE-2023-40693 affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (versions 6.1.0.0–6.1.2.7_2; 6.2.0.0–6.2.0.5_1; 6.2.1.0–6.2.1.1_1). The vulnerability is cross-site scripting (XSS) in the Web UI, allowing embedding of arbitrary JavaScript code and potentially leading to credential...

CVE-2025-14504 IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering...

CVE-2025-14504

CVE-2025-14504 affects IBM Sterling B2B Integrator and IBM Sterling File Gateway across multiple release lines: 6.1.0.0–6.1.2.7_2, 6.2.0.0–6.2.0.5_1, 6.2.1.0–6.2.1.1_1, and 6.2.2.0. The issue is a cross-site scripting (XSS) vulnerability that allows an authenticated user to inject arbitrary JavaS...

CVE-2026-0835

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alterin...